Preparation
1. Install vim
yum -y install vim*
2. Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
3. Synchronize the clock (inconsistent system time prevents node machines from joining the cluster)
yum install -y ntp
ntpdate cn.pool.ntp.org
4. Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
5. Disable swap
vim /etc/fstab
Comment out the following line:
/dev/mapper/centos-swap swap swap defaults 0 0
6. Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
All nodes
1. Install docker
yum -y install wget
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce-18.06.1.ce-3.el7
systemctl enable docker && systemctl start docker
docker --version
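2. Add the Aliyun package repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
3. Install the pinned version 1.13.3, skipping the GPG public key check (--nogpgcheck turns off package signature verification for this install) and pinning kubernetes-cni to work around its dependency problem, then check the versions. This avoids many pitfalls later.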
yum install -y kubelet-1.13.3 kubeadm-1.13.3 kubectl-1.13.3 kubernetes-cni-0.6.0 --nogpgcheck
kubelet --version
kubeadm version
4. Enable the service
systemctl enable kubelet.service
Master node
1. Initialize
kubeadm init \
--apiserver-advertise-address=xxx.xxx.xx.xx \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.13.3 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
A successful initialization prints the following:
Your Kubernetes master has initialized successfully!
To start using your cluster...
2. Deploy the Pod network plugin
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
3. Verify; the deployment has succeeded only when every pod's STATUS is Running
kubectl get pod --all-namespaces
Joining a Node to the cluster
kubeadm join 192.168.20.14:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxx
Get the token on the master (valid for 24h), or simply create a new one:
kubeadm token list
kubeadm token create
Get the SHA-256 hash of the CA certificate on the master
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
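The value passed to --discovery-token-ca-cert-hash pins the cluster CA's public key, so a wrong or empty hash should be caught before it is copied to a node. The script below is an added example, not part of the original page: it wraps the hash command above in a function that refuses to print a pin when the certificate could not be read, and checks a pin against a certificate. The function names and the throwaway CA it generates for the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pin check for
# kubeadm join --discovery-token-ca-cert-hash.

# SHA-256 of empty input. The page's pipeline prints this value when the
# certificate cannot be read, because 2>/dev/null hides the openssl error.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

# Print "sha256:<hex>" over the DER-encoded public key of a PEM CA certificate.
ca_pubkey_pin() {
    hex=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null \
        | openssl rsa -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
    # Refuse to emit a pin that was computed over nothing.
    [ -n "$hex" ] && [ "$hex" != "$EMPTY_SHA256" ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Succeed only if the pin given to kubeadm join matches the certificate.
# Upper-case hex digits in the supplied pin are accepted.
verify_pin() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(ca_pubkey_pin "$1") || return 1
    [ "$got" = "$want" ]
}

# Constructed sample input: a throwaway self-signed RSA CA in directory $1.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo: run this file with the argument --demo
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    make_demo_ca "$dir" || exit 1
    pin=$(ca_pubkey_pin "$dir/ca.crt") || exit 1
    echo "pin from CA certificate: $pin"
    verify_pin "$dir/ca.crt" "$pin" && echo "matching pin accepted"
    verify_pin "$dir/ca.crt" "sha256:$EMPTY_SHA256" || echo "wrong pin rejected"
    ca_pubkey_pin "$dir/missing.crt" || echo "unreadable certificate refused"
    rm -rf "$dir"
fi
```

On a real master, ca_pubkey_pin /etc/kubernetes/pki/ca.crt prints the full sha256:... argument for kubeadm join.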
On the master node, check the status of each node in the cluster